Fatal编程技术网
  • php/
  • Php 输入详细信息后未登录的登录表单

Php 输入详细信息后未登录的登录表单

php

Php 输入详细信息后未登录的登录表单,php,Php,我正在为一个网站创建一个登录表单,该表单应该在用户登录后将其重定向到索引页面。我遇到的问题是,当我输入登录的详细信息时,它会运行代码中的错误部分,而我似乎无法找出哪里出错了。我已经检查了我的代码,甚至对密码和用户名进行了物理比较,并且它们是匹配的。请帮我找出哪里出了问题 config.php <?php session_start(); $host = 'localhost'; $host_user = 'root'; $host_pass = ''; $db_name = 'the_d

我正在为一个网站创建一个登录表单,该表单应该在用户登录后将其重定向到索引页面。我遇到的问题是,当我输入登录的详细信息时,它会运行代码中的错误部分,而我似乎无法找出哪里出错了。我已经检查了我的代码,甚至对密码和用户名进行了物理比较,并且它们是匹配的。请帮我找出哪里出了问题

config.php

<?php
session_start();

$host = 'localhost';
$host_user = 'root';
$host_pass = '';
$db_name = 'the_dms_db';

$conn = mysqli_connect($host, $host_user, $host_pass, $db_name);

if (!$conn) {
    echo 'Could not connect to the database';
}

$name = '';
$surname = '';
$username = '';
$email = '';
$errors = array();

if (isset($_POST['register_user'])) {
    // receive inputs
    $name = mysqli_real_escape_string($conn, $_POST['name']);
    $surname = mysqli_real_escape_string($conn, $_POST['surname']);
    $username = mysqli_real_escape_string($conn, $_POST['username']);
    $email = mysqli_real_escape_string($conn, $_POST['email']);
    $password = mysqli_real_escape_string($conn, $_POST['password']);
    $c_password = mysqli_real_escape_string($conn, $_POST['c_password']);

    // form validation that it is filled correctly
    if (empty($name)) {
        array_push($errors, "Name is required");
    }
    if (empty($surname)) {
        array_push($errors, "Surname is required");
    }
    if (empty($username)) {
        array_push($errors, "Username is required");
    }
    if (empty($email)) {
        array_push($errors, "Email is required");
    }
    if (empty($password)) {
        array_push($errors, "Password is required");
    }
    if ($password != $c_password) {
        array_push($errors, "Passwords to not match");
    }

    // check database to see if user exists
    $user_check_query = "SELECT * FROM users WHERE username='$username' OR email = '$email' LIMIT 1";
    $result = mysqli_query($conn, $user_check_query);
    $user = mysqli_fetch_assoc($result);

    if ($user) {
        if ($user['username'] === $username) {
            array_push($errors, 'Username already exists');
        }

        if ($user['email'] === $email) {
            array_push($errors, 'Email already exists');
        }
    }

    // register user if no errors
    $pass_hash = password_hash($password, PASSWORD_BCRYPT);
    if (count($errors) == 0) {

        $query = "INSERT INTO users (name, surname, username, email, password) VALUES ('$name', '$surname', '$username', '$email', '$pass_hash')";
        mysqli_query($conn, $query);
        $_SESSION['username'] = $username;
        $_SESSION['success'] = 'You are now logged in!';
        header('location: ./index.php');
    }
}

if (isset($_POST['login_user'])) {
    $username = mysqli_real_escape_string($conn, $_POST['username']);
    $password = mysqli_real_escape_string($conn, $_POST['password']);

    if (empty($username)) {
        array_push($errors, 'Username is required');
    }
    if (empty($password)) {
        array_push($errors, 'Password is required');
    }

    if (count($errors) == 0) {
        $password = password_hash($password, PASSWORD_BCRYPT);

        $query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
        $results = mysqli_query($conn, $query);

        if (mysqli_num_rows($results) == 0) {
            $_SESSION['username'] = $username;
            $_SESSION['success'] = 'You are now logged in!';
            header('location: ./index.php');
        } else {
            array_push($errors, 'Wrong username/password');
        }
    }
}

<?php
require_once './header.php';
include_once './config.php';
?>
<link rel="stylesheet" href="/assets/css/style.css">
<section class="sign-in-section">
    <div class="container">
        <div class="form-area ">
            <h1>Sign In</h1>
            <form action="./signin.php" class="signin-form" method="POST">
                <?php include './errors.php'; ?>
                <section class="input-sections">
                    <input type="text" class="inputs form-control" name="username" id="username" placeholder="Username or Email">
                    <input type="password" class="inputs form-control" name="password" id="password" placeholder="Password">
                    <button type="submit" class="btn-form btn signin-btn" name="login_user" id="login_user">Sign in</button>
                </section>
            </form>
            <a href="./signup.php">Not yet a member? Register here!</a>
        </div>
    </div>
</section>

<?php
include './config.php';
require_once './header.php';
?>
<link rel="stylesheet" href="/assets/css/style.css">
<section class="sign-in-section">
    <div class="container">
        <div class="form-area ">
            <h1>Sign up</h1>
            <form action="signup.php" class="signup-form" method="post">
                <?php include './errors.php' ?>
                <section class="input-sections">
                    <input type="text" class="inputs form-control" name="name" id="name" placeholder="Name" value="<?php echo $name ?>">
                    <input type="text" class="inputs form-control" name="surname" id="surname" placeholder="Surname" value="<?php echo $surname ?>">
                    <input type="text" class="inputs form-control" name="username" id="username" placeholder="Username" value="<?php echo $username ?>">
                    <input type="text" class="inputs form-control" name="email" id="email" placeholder="Email" value="<?php echo $email ?>">
                    <input type="password" class="inputs form-control" name="password" id="password" placeholder="Password">
                    <input type="password" class="inputs form-control" name="c_password" id="c_password" placeholder="Confirm Password">
                    <button type="submit" class="btn-form btn register-btn" name="register_user" id="register">Register</button>
                </section>
            </form>
            <a href="./signin.php">Already have an account? Sing in here!</a>
        </div>
    </div>
</section>

<?php if (count($errors) > 0) : ?>
    <div class="error">
        <?php foreach ($errors as $error) : ?>
            <p><?php echo $error ?></p>
        <?php endforeach ?>
    </div>
<?php endif ?>

如果是匹配的,返回的结果不应该是1行而不是0行吗

改变这个


if (mysqli_num_rows($results) == 0)


对此


if (mysqli_num_rows($results) >= 1)



如果您忽略了sql语句中的漏洞,那么您应该分析以下内容,看看您在使用上述方法时误入歧途的地方。使用
password\u hash
将在每次调用时生成一个新的hash,因此哈希密码将永远不会(希望)与新生成的hash匹配。您需要使用
密码\u验证


define('BR','<br />');
$password=$_POST['password'];

$query = "SELECT `password` FROM `users` WHERE `username`='$username' LIMIT 1";
$results = mysqli_query( $conn, $query );

$rs=mysqli_fetch_assoc( $results );

if( password_verify( $password, $rs['password'] ) ){
    /* OK - The user supplied a good username/password combo */
}else{
    /* Bad Foo!!! The supplied password did not verify against the stored hash */
}


您可能会看到类似的结果:


$2y$10$7a4Cvzn51eYa3EJKary8zemJn4/GiFA.2fqYQrwd6QrRORIk552Wm
$2y$10$E5.28SSkQo2lZv11zilkBO1L35umAFzr5Zr2yKScX4nDgFkN.kTbK
$2y$10$HEzHOFT/7V972XDEB9uzRuU/dxHxRnSXs64wu1qdahJs2CSp3wwD6



正如你所看到的,它们都是不同的…
你能显示
errors.php
文件的内容吗?请查看编辑后的问题
errors.php
的输出实际上揭示了什么错误?如果你使用
password\u hash
对用户的密码进行初始哈希,我尝试登录时会运行错误的用户名/密码错误密码,则您不会在登录时使用
password\u hash
尝试验证同一密码-您应该尝试使用
password\u verify
(但不是SQL!!)即使在输入此代码后,当我单击登录按钮时,它运行的
用户名/密码错误
,但如果在将密码保存到数据库时没有对密码进行哈希运算,它将登录并重定向到index.php

$2y$10$7a4Cvzn51eYa3EJKary8zemJn4/GiFA.2fqYQrwd6QrRORIk552Wm
$2y$10$E5.28SSkQo2lZv11zilkBO1L35umAFzr5Zr2yKScX4nDgFkN.kTbK
$2y$10$HEzHOFT/7V972XDEB9uzRuU/dxHxRnSXs64wu1qdahJs2CSp3wwD6